Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tDTtT-0011At-VM for pgsql-hackers@arkaria.postgresql.org; Tue, 19 Nov 2024 19:28:11 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tDTtS-00GRv2-FH for pgsql-hackers@arkaria.postgresql.org; Tue, 19 Nov 2024 19:28:10 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tDTtS-00GRut-4J for pgsql-hackers@lists.postgresql.org; Tue, 19 Nov 2024 19:28:10 +0000 Received: from mail-wm1-x32a.google.com ([2a00:1450:4864:20::32a]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1tDTtP-002kKT-52 for pgsql-hackers@lists.postgresql.org; Tue, 19 Nov 2024 19:28:08 +0000 Received: by mail-wm1-x32a.google.com with SMTP id 5b1f17b1804b1-4315e62afe0so12247355e9.1 for ; Tue, 19 Nov 2024 11:28:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732044485; x=1732649285; darn=lists.postgresql.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=2YRVOAttu6j8x89O89p3nc5NqIqB3l5l5pU/uzsxYMM=; b=LgTLSu10CG1Kd4N+Q/AeYdAkTVLAS/W4iZwTlzBuTWxDxUdKs3lD3oJ1Uyd03o1itA zD4pDJtEpz43LfzZZjITBFb5T3VepxkXGnmZinB+YFciI8V1vNiXtGfGBXgZJKop7T8A 8K52eSMCO3Vfm8E1ocXRkoGnJL/4WkOLEga2gA3O2471uKVT1IccAYu7EbDThkKQlQ9m qDy0QkXiqYGi6Vq0bMpiaiGwlKH0kPeCyZwlvFVi8I9MnI62l2cYD/r4k6GJ+5kyNJIH AdzP9Druj/kMUufPNnqDwdYDc0UqbzIJD8EOzY0OLjlPsCsqrJVI3EVQ3qCIikjgW0h8 LfwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732044485; x=1732649285; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=2YRVOAttu6j8x89O89p3nc5NqIqB3l5l5pU/uzsxYMM=; b=vs9oVCgFdCSRzziZY1y31QW4y5tkWCB5mCckWaoUr2TKBQBDdHw+2LBCKzmvwcrrGA NkrswVC0QAeKTAgE9PrFNiYOAwH75Y8G2tSj8JWxGaGbYHyXNQp/hHLifrjag0MaNemq nkwKLXjhEBBqG5g4uZf8dU3iA9qZd/zOJNe6uGYoXfga55Y1cjQ58qO4m/atZ2lOrDbC 4zXUGkakarS7es8FMlQaYa78yoVw9lTs/knQY78JDZGiHnAMXhL/7n/oEbZBm5MKgR+H ZjIJOpIxL+wLQYwbWj8YbsiNHuqvE6KKWcT1D9Kv1OJIbEv1zZ0AMW1SN8BkDd7hNaQC Y9IQ== X-Gm-Message-State: AOJu0Yx2k9m+nk8dFEoQaVGqi3WRhSYS2XAn48rI1HDhm9mfWtyHoEKV 0b0vJhxheq4+hUOGgyiPrazN+OZzRC3QvBuWn48Z18NNuJYzzyMy X-Google-Smtp-Source: AGHT+IETt4vLAHeDv4F70x20GFuebq2UBxtQvJENc7yY0c8jsaJ+Pmpi+gXdLDUi3miTST9f/7Q8KA== X-Received: by 2002:a05:600c:870f:b0:42c:b1ee:4b04 with SMTP id 5b1f17b1804b1-4334f021c2bmr939145e9.28.1732044485226; Tue, 19 Nov 2024 11:28:05 -0800 (PST) Received: from ip-10-97-1-34.eu-west-3.compute.internal (ec2-15-236-134-5.eu-west-3.compute.amazonaws.com. [15.236.134.5]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-432dab80821sm201290615e9.23.2024.11.19.11.28.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 11:28:04 -0800 (PST) Date: Tue, 19 Nov 2024 19:28:03 +0000 From: Bertrand Drouvot To: Emanuele Musella Cc: pgsql-hackers@lists.postgresql.org Subject: Re: Parametrization minimum password lenght Message-ID: References: <5702ea42-3599-4062-bd15-3e3c7cc67e6e@vondra.me> <9bd48f6d-dec0-48be-8db3-c3b29be588e7@vondra.me> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hi, On Mon, Nov 18, 2024 at 05:21:18PM +0100, Emanuele Musella wrote: > We notice some errors on CFBot results. FWIW, you can run "cfbot like" tests on your own repo (see [1]). > In attached the errors fixed Thanks for the updated version! A few random comments: === 1 trailing whitespace: $ git apply min_password_length_v7.patch min_password_length_v7.patch:130: trailing whitespace. There is a configuration parameter that control the behavior warning: 1 line adds whitespace errors. === 2 + * Author: Maurizio Boriani + * Author: Emanuele Musella Same comment as in [2]. === 3 - int pwdlen = strlen(password); + int pwdlen = pg_mbstrlen(password); Sorry if I was not clear in [2], but I meant to say to keep using strlen() to be consistent with the current behavior. === 4 + GUC_UNIT_BYTE, this is correct if strlen() is used (see above comment). === 5 + 0, INT_MAX, INT_MAX seems too large and 0 too low. Maybe we should not allow less than it was before the patch (8). For the max, maybe something like PG_MAX_AUTH_TOKEN_LENGTH? (see the comment in src/backend/libpq/auth.c) === 6 + There is a configuration parameter that control the behavior + passwordcheck s/behavior/behavior of/? === 7 + passwordcheck.min_password_length is the minimum length + of accepted password on database users. + If not setted the default is 8 bytes. What about? "is the minimum password length in bytes. The default is 8." === 7 + + +# postgresql.conf +session_preload_libraries = 'passwordcheck' +passwordcheck.min_password_length = 12 + + What about a sentence before? Something like for auto_explain means "In ordinary usage, these parameters are set in postgresql.conf,............" [1]: https://github.com/postgres/postgres/blob/master/src/tools/ci/README [2]: https://www.postgresql.org/message-id/ZzsZZY3YrO6hinnT%40ip-10-97-1-34.eu-west-3.compute.internal Regards, -- Bertrand Drouvot PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com